Security hardening: secrets, validation, Docker, and error handling

- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed
- Load JWT SECRET_KEY from environment variable instead of hardcoded value
- Restrict CORS to explicit methods/headers instead of wildcards
- Add Pydantic Field validation (gt=0) to purchase amounts and user credentials
- Add logging to all silent exception handlers in btc.py
- Run backend and frontend Docker containers as non-root appuser
- Add .dockerignore for both backend and frontend
- Pass SECRET_KEY env var through docker-compose; add healthchecks to both services
- Update bcrypt from pinned 3.2.2 to >=4.0.0
- Capture error objects in frontend catch blocks; check admin delete response

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

btc-portfolio/backend/app/services/btc.py

@@ -1,6 +1,9 @@
+import logging
 import requests
 from datetime import datetime, timezone
 
+logger = logging.getLogger(__name__)
+
 
 def get_btc_history_eur() -> list:
     try:
@@ -11,7 +14,8 @@ def get_btc_history_eur() -> list:
         )
         resp.raise_for_status()
         return resp.json().get("prices", [])  # [[timestamp_ms, price], ...]
-    except Exception:
+    except Exception as e:
+        logger.error(f"Failed to fetch BTC history: {e}")
         return []
 
 
@@ -25,7 +29,8 @@ def get_btc_ohlc_eur(days: int) -> list:
         )
         resp.raise_for_status()
         return resp.json()  # [[timestamp_ms, open, high, low, close], ...]
-    except Exception:
+    except Exception as e:
+        logger.error(f"Failed to fetch BTC OHLC: {e}")
         return []
 
 
@@ -58,5 +63,6 @@ def get_btc_price_eur() -> float:
         )
         resp.raise_for_status()
         return float(resp.json()["bitcoin"]["eur"])
-    except Exception:
+    except Exception as e:
+        logger.error(f"Failed to fetch BTC price: {e}")
         return 0.0